Tip, Tricks and Articles for iPad, iPhone, Mac
iCloud, Windows, Android, Office 365, Dropbox, Apps, and more

Please be on the alert to the increasing incidence of scam text messages that can appear in a 'legitimate' conversation.  

What I mean is that, if you see a message appear from the Commbank or ANZ Bank or Australia Post (or any sender like that), it may appear legitimate because it is preceded in the same 'conversation' by lots of valid texts from that business. ​

You may have seen recent articles in the press about the increasing incidence of mobile number porting - where a person's mobile number is moved to a different mobile service provider by an unknown person. If this happens, you suddenly find you no longer have mobile service. You may first receive a message that tells you the porting is happening - generally when it it is too late to stop it.

How can number porting happen? What benefit can a thief get from stealing a mobile number belonging to someone else.

A client of iTandCoffee was recently caught out by a scam that came in the form of a text. I visited her last week to check that there was nothing sinister left on her computer as a result of this incident.

The text she received said that her credit card had expired on her Apple account (which it had, a few months prior) and that she needed to update her details with Apple - so she gave away password and credit card information via a fake website, and provided a photo of her drivers license as proof of identity.

She realised pretty quickly that she had been scammed, and cancelled her credit card and changed her password.

But the fact that she gave a photo of her drivers license means she remains at risk of identity theft - as the scammer could use her ID to apply for credit, open certain types of accounts, or for other activities.

​You may have already read one or more of the articles we published about email 'sending' issues suffered by several iTandCoffee clients in the first week of February 2019.

A common theme for each of these clients was that they used Google to find a phone number for Technical Support. Two of them found a number for Bigpond Technical Support, and the other for Microsoft Technical Support.

The question is: Did they really call Bigpond and Microsoft, or did they get a business that pretends to offer this support?

One of the clients did get caught out and call a fake 'Bigpond Support' number.​

During the week, one of our very own iTandCoffee clients received a phone call from an automated voice telling her that the Internet was going to be disconnected due to the NBN being connected and that she needed to call a number to resolve this.

She hung up immediately due to a ‘gut feeling’ that something was off – great call! 
​
First of all, NBN will never phone you out of the blue to try to sign you up to a service over its network. You will receive a letter in the mail advising you when NBN is going to be available and of any disconnection.

There is a site you can go to verify when NBN is scheduled to be available at your own address - and the date by which you need to switch over.

Recently, I have been seeing a huge number of my Facebook friends friend re-posting the same post (or slight variations thereof) - stating that Facebook is limiting posts from their friends and that, getting friends to leave a comment or sticker in response to their post will force Facebook to show posts from a wider range of their friends

A client of iTandCoffee forwarded me this email this morning, querying what she should do about a service she is supposedly being charged for - one which she wasn't aware she had. She wanted to know what to do about it.  Here is the email she forwarded to me.

​The theft of mobile numbers - which can happen if someone gathers enough information about you (via 'snail' mail theft, social engineering, or other means) to set up a new SIM in your name and transfer your mobile number to that SIM - has been reported at various times in the press over the last 12 months or so.

It is known as 'mobile number porting', and can happen when some is the victim of identity theft.

• Here is such an article on 'mobile number porting', from June 2017.
• And here is the Money Smart website article about identify theft and fraud, and how to prevent it.

Can I request a 'password reset' text from my bank?

​I must say that I did check my own bank account after receiving Jeff's email, curious to see if my bank (Commbank) would text a password reset link to my mobile number if I chose their 'forgotten password' option.

Fortunately, Commbank requires you to enter 2 pieces of information before it will send you a message with a 'password reset' link.  You must provide a card number and your ATM PIN.  If your PIN is easily guessed (for example, it is your birthday, anniversary, or your postcode), then you could be in trouble.

If you can't provide the required two pieces of information, then you would have to call the Commbank call centre or visit a branch - and presumably convince the person on the other end of your identity.

What does your own bank require?  Can you request that a password reset link be sent to your mobile?

Do any of your online accounts send a 'password reset' link (or a password) to your mobile number?

It is worth definitely worth considering what might happen to all of your online accounts if someone was able to steal your mobile number. 

I know that Telstra will send you a text with your Bigpond account password, as long as you provide a few identity details - identity details that are no so difficult to obtain if you are a scammer!

The person who steals your mobile number could then log in to your Bigpond email account.  Once there, they could do a heap of password resets for your online accounts that use that email address - given that many online accounts will let you choose a 'forgotten password' option, and send an email with a link for resetting the account password.

Personally, I never use my Telstra Bigpond email address to register for any online accounts. That way, if someone was to get access to my Bigpond account, it would not be much use to them.  For all my other online accounts, I have 'two step verification' in place (or two-factor authentication) as an extra 'layer' of protection'.

Here's an article from iTandCoffee about this extra security measure:

• How to stay safer online - adding an extra layer of protection

  
The issue with two-step-verirfication if your mobile number is stolen

If your mobile number is stolen, you should consider which of your accounts has 'two step verification' in place - where a text is sent to your mobile with a code to enter after you have attempted to log in with your username/email address and password.  

While two step verification (or two factor authentication, if offered) is a 'must do' on all online accounts, it is of little value if your mobile number is stolen - especially if you have used the same password on lots of online accounts, and the thief/hacker has discovered that password.  You will no longer receive that 'protective' number code - the thief/hacker will.

Act quickly 

If ever you suspect you are the victim of the theft of your mobile number or any online account has been breached, act as quickly as you can to change passwords and contact your Telco and Bank.

If you need help with password resets (or any other security matters), iTandCoffee in Glen Iris can help.  Just call 1300 885 420 to make an appointment.

How was Jeff's friend hacked? 

For the example described above by Jeff T, I would wonder if the person involved had been caught out (perhaps without even realising it) by a phishing email, and given away her online banking details or other identity details, including her mobile phone number. 

Or she may have had her email and password stolen from some website that had been hacked, and may have used the same password for other online accounts (a big no-no!).  

She may have had an easy-to-guess PIN for her bank account.

Perhaps they had obtained personal information about her from her social media world; perhaps they had stolen statements or other letters from her letterbox.

While phone number porting scams are scary, I am sure that the scammers would not have been able to gain access to the victim's bank account simply by having a SIM with her mobile number. 

You may have seen reports in the press last week about a lady in Melbourne who was scammed out of $46,000 when she fell for a phone scam.  

Details are reported on the Victoria Police website:  Police warning re iTunes card scam. Here is an extract from the article.                                                

I was reading the Innovic monthly newsletter this week, and it included a handy link that I thought readers of our own iTandCoffee newsletter might appreciate.

It is a link to a site that allows you to check if your email address (or username) has been found on a list of details stolen from various well-known websites - for example, Dropbox, LinkedIn, Adobe, Yahoo.

This various websites were compromised at different times over the past few years, and email addresses, passwords and other details were stolen.

I found my own email address was listed twice on the 'hacked' list - for LinkedIn and for Dropbox.  

I had already changed my password for these sites, but it was unsettling to see that I was 'on the list'.

Its worth checking your own email address, and then ensuring that you have changed your password details for any site for which you DO appear on the list.

Here is a link to the website:

• Have I been pwned? Check if your email has been compromised in a data breach